General

  • Target

    ed6dcfe516c20b3c4e309f2529f456a5.exe

  • Size

    5.8MB

  • Sample

    240502-sb2p2abd2z

  • MD5

    ed6dcfe516c20b3c4e309f2529f456a5

  • SHA1

    faff36a4bed00a63a2efd4a894b4b2abcf229f7c

  • SHA256

    56070412a6e7209e9119d7402952a04ef8063fb535ed4ce8abed661594077a01

  • SHA512

    94a4b6171683971f3e94c6eec478cad3e5ff89f65a171ea3af4c79172fb282af4f68a7eae0004eb5eb6afc2303f14ffed426d8ce0e4d4e98e8b2d6fe3047b558

  • SSDEEP

    98304:89FluRchsKtZ9qdhP4418frP3wbzWFimaI7dloW:81gKtZ9GwgbzWFimaI7dlZ

Malware Config

Targets

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

MITRE ATT&CK Enterprise v15

Tasks